Posted by Securify B.V. on Apr 14
————————————————————————
Persistent Cross-Site Scripting in Scriptler Jenkins Plugin
————————————————————————
Burak Kelebek, April 2017
————————————————————————
Abstract
————————————————————————
A Cross-Site Scripting vulnerability was found in the…
Posted by hyp3rlinx on Apr 14
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/ADOBE-CREATIVE-CLOUD-PRIVILEGE-ESCALATION.txt
[+] ISR: apparitionSec
Vendor:
==============
www.adobe.com
Product:
========================================
Adobe Creative Cloud Desktop Application
<= v4.0.0.185
Vulnerability Type:
=====================
Privilege Escalation
CVE Reference:
==============…
Posted by DefenseCode on Apr 12
DefenseCode Security Advisory
Magento 0day Arbitrary File Upload Vulnerability
(Remote Code Execution, CSRF)
Advisory ID: DC-2017-04-003
Software: Magento CE
Software Language: PHP
Version: 2.1.6 and below
Vendor Status: Vendor contacted / Not fixed
Release Date: 20170413
Risk: High
# Advisory Overview
During the security audit of Magento Community Edition, a highly popular
e-commerce platform, a high risk…
Posted by DefenseCode on Apr 12
DefenseCode ThunderScan SAST Advisory
53+ WordPress plugins by BestWebSoft Multiple
Cross-Site Scripting (XSS) Vulnerabilities
Advisory ID: DC-2017-02-014
Software: 53+ WordPress plugins by BestWebSoft
Software Language: PHP
Version: Various
Vendor Status: Vendor contacted, vulnerabilities confirmed
Release Date: 20170412
Risk: Medium
# Advisory Overview
BestWebSoft published more than 50 plugins to the wordpress.org site….
Posted by DefenseCode on Apr 12
DefenseCode ThunderScan SAST Advisory
WordPress Tribulant Slideshow Gallery Plugin – Cross-Site Scripting
Vulnerabilities
Advisory ID: DC-2017-01-014
Software: WordPress Tribulant Slideshow Gallery plugin
Software Language: PHP
Version: 1.6.4 and below
Vendor Status: Vendor contacted, fix released
Release Date: 20170410
Risk: Medium
# Brief Vulnerability Description
During the security analysis, ThunderScan discovered multiple…
Posted by Mark Wadham on Apr 12
With CVE-2017-7643 I disclosed a command injection vulnerability in the KLoader binary that ships with Proxifier <= 2.18.
Unfortunately 2.19 is also vulnerable to a slightly different attack that yields the same result.
When Proxifier is first run, if the KLoader binary is not suid root it gets executed as root by Proxifier.app (the user is prompted to enter an admin password). The KLoader binary will then make itself suid root so that…
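The pattern described in the post above, a helper that is run as root once and then makes itself setuid root, is common enough to be worth auditing for on any install. The following POSIX shell script is an added example, not code from the post, from m4rkw, or from Proxifier: it lists the setuid files under a path and flags any whose file or parent directory is group- or world-writable, the general condition under which such a helper can be swapped before it next runs with privilege. The function names, the output format and the example path are assumptions; the script does not encode the specific 2.19 issue, which the post does not detail here.

```shell
#!/bin/sh
# Added audit helper (assumption: not from the post or from Proxifier).
# audit_suid DIR prints one line per setuid file found under DIR as
# "<status> <owner> <path>". status is WRITABLE when the file itself or the
# directory holding it is group- or world-writable, since a non-owner could
# then replace the binary before it runs with elevated privilege; else OK.
audit_suid() {
    root="$1"
    find "$root" -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        # The 10-column permission string is identical on Linux and macOS ls,
        # so parse it rather than relying on non-portable stat(1) format flags.
        fperm=$(ls -ld "$f" | cut -c1-10)
        owner=$(ls -ld "$f" | awk '{print $3}')
        dperm=$(ls -ld "$(dirname "$f")" | cut -c1-10)
        status=OK
        # Column 6 is the group write bit, column 9 the other (world) write bit.
        case "$fperm" in ?????w*|????????w*) status=WRITABLE ;; esac
        case "$dperm" in ?????w*|????????w*) status=WRITABLE ;; esac
        printf '%s %s %s\n' "$status" "$owner" "$f"
    done
}

# count_writable_suid DIR [OWNER] counts the WRITABLE findings, optionally
# limited to one owner: pass "root" to keep only the files that would hand
# out a root shell if replaced.
count_writable_suid() {
    audit_suid "$1" \
        | awk -v o="${2:-}" '$1 == "WRITABLE" && (o == "" || $2 == o)' \
        | wc -l | tr -d ' '
}

# Stand-alone usage (assumed path): sh audit_suid.sh /Applications/Proxifier.app
if [ -n "${1:-}" ]; then
    audit_suid "$1"
fi
```

Run it against an application bundle or against / to get a whole-system view; a WRITABLE line for a root-owned binary is the case that matters, and a sticky-bit directory such as /tmp will also be reported as writable, which is intentional since a setuid binary has no business living there.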
Posted by Prajwal Panchmahalkar on Apr 12
#################################################################
c0c0n X | The cy0ps c0n – Call For Papers & Call For Workshops…
Posted by Mark Wadham on Apr 12
Sorry, the exploit code got mangled :S
————————-
#!/bin/bash
#####################################################################
# Local root exploit for vulnerable KLoader binary distributed with #
# Proxifier for Mac v2.18                                           #
#####################################################################
# by m4rkw                                                          #…
Posted by Securify B.V. on Apr 11
————————————————————————
Microsoft Office OneNote 2007 DLL side loading vulnerability
————————————————————————
Yorick Koster, September 2015
————————————————————————
Abstract
————————————————————————
A DLL side loading vulnerability was found in Microsoft…
Posted by Securify B.V. on Apr 11
————————————————————————
Multiple local privilege escalation vulnerabilities in Proxifier for Mac
————————————————————————
Yorick Koster, April 2017
————————————————————————
Abstract
————————————————————————
Multiple local privilege escalation…
Software and Security Information